X509Certificate2.PrivateKey Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Caution
X509Certificate2.PrivateKey is obsolete. Use the appropriate method to get the private key, such as GetRSAPrivateKey, or use the CopyWithPrivateKey method to create a new instance with a private key.
Gets or sets the AsymmetricAlgorithm object that represents the private key associated with a certificate.
public:
property System::Security::Cryptography::AsymmetricAlgorithm ^ PrivateKey { System::Security::Cryptography::AsymmetricAlgorithm ^ get(); void set(System::Security::Cryptography::AsymmetricAlgorithm ^ value); };public System.Security.Cryptography.AsymmetricAlgorithm? PrivateKey { get; set; }[System.Obsolete("X509Certificate2.PrivateKey is obsolete. Use the appropriate method to get the private key, such as GetRSAPrivateKey, or use the CopyWithPrivateKey method to create a new instance with a private key.", DiagnosticId="SYSLIB0028", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public System.Security.Cryptography.AsymmetricAlgorithm? PrivateKey { get; set; }public System.Security.Cryptography.AsymmetricAlgorithm PrivateKey { get; set; }member this.PrivateKey : System.Security.Cryptography.AsymmetricAlgorithm with get, set[<System.Obsolete("X509Certificate2.PrivateKey is obsolete. Use the appropriate method to get the private key, such as GetRSAPrivateKey, or use the CopyWithPrivateKey method to create a new instance with a private key.", DiagnosticId="SYSLIB0028", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
member this.PrivateKey : System.Security.Cryptography.AsymmetricAlgorithm with get, setPublic Property PrivateKey As AsymmetricAlgorithmProperty Value
An AsymmetricAlgorithm object, which is either an RSA or DSA cryptographic service provider.
- Attributes
Exceptions
The key value is not an RSA or DSA key, or the key is unreadable.
The value being set for this property is null.
The key algorithm for this private key is not supported.
The X.509 keys do not match.
The cryptographic service provider key is null.
.NET Core and .NET 5+ only: An attempt was made to set this property.
Examples
The following code example opens the current user certificate store, selects only active certificates, then allows the user to select one or more certificates. The example then writes certificate information to the console.
#using <System.dll>
#using <System.Security.dll>
using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;
int main()
{
try
{
X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser );
store->Open( static_cast<OpenFlags>(OpenFlags::ReadOnly | OpenFlags::OpenExistingOnly) );
X509Certificate2Collection ^ collection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(collection->Find( X509FindType::FindByTimeValid, DateTime::Now, false ));
X509Certificate2Collection ^ scollection = X509Certificate2UI::SelectFromCollection(fcollection, "Test Certificate Select","Select a certificate from the following list to get information on that certificate",X509SelectionFlag::MultiSelection);
Console::WriteLine( "Number of certificates: {0}{1}", scollection->Count, Environment::NewLine );
System::Collections::IEnumerator^ myEnum = scollection->GetEnumerator();
while ( myEnum->MoveNext() )
{
X509Certificate2 ^ x509 = safe_cast<X509Certificate2 ^>(myEnum->Current);
array<Byte>^rawdata = x509->RawData;
Console::WriteLine( "Content Type: {0}{1}", X509Certificate2::GetCertContentType( rawdata ), Environment::NewLine );
Console::WriteLine( "Friendly Name: {0}{1}", x509->FriendlyName, Environment::NewLine );
Console::WriteLine( "Certificate Verified?: {0}{1}", x509->Verify(), Environment::NewLine );
Console::WriteLine( "Simple Name: {0}{1}", x509->GetNameInfo( X509NameType::SimpleName, true ), Environment::NewLine );
Console::WriteLine( "Signature Algorithm: {0}{1}", x509->SignatureAlgorithm->FriendlyName, Environment::NewLine );
Console::WriteLine( "Private Key: {0}{1}", x509->PrivateKey->ToXmlString( false ), Environment::NewLine );
Console::WriteLine( "Public Key: {0}{1}", x509->PublicKey->Key->ToXmlString( false ), Environment::NewLine );
Console::WriteLine( "Certificate Archived?: {0}{1}", x509->Archived, Environment::NewLine );
Console::WriteLine( "Length of Raw Data: {0}{1}", x509->RawData->Length, Environment::NewLine );
x509->Reset();
}
store->Close();
}
catch ( CryptographicException^ )
{
Console::WriteLine( "Information could not be written out for this certificate." );
}
}
using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;
class CertSelect
{
static void Main()
{
X509Store store = new X509Store("MY",StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid,DateTime.Now,false);
X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection, "Test Certificate Select","Select a certificate from the following list to get information on that certificate",X509SelectionFlag.MultiSelection);
Console.WriteLine("Number of certificates: {0}{1}",scollection.Count,Environment.NewLine);
foreach (X509Certificate2 x509 in scollection)
{
try
{
byte[] rawdata = x509.RawData;
Console.WriteLine("Content Type: {0}{1}",X509Certificate2.GetCertContentType(rawdata),Environment.NewLine);
Console.WriteLine("Friendly Name: {0}{1}",x509.FriendlyName,Environment.NewLine);
Console.WriteLine("Certificate Verified?: {0}{1}",x509.Verify(),Environment.NewLine);
Console.WriteLine("Simple Name: {0}{1}",x509.GetNameInfo(X509NameType.SimpleName,true),Environment.NewLine);
Console.WriteLine("Signature Algorithm: {0}{1}",x509.SignatureAlgorithm.FriendlyName,Environment.NewLine);
Console.WriteLine("Public Key: {0}{1}",x509.PublicKey.Key.ToXmlString(false),Environment.NewLine);
Console.WriteLine("Certificate Archived?: {0}{1}",x509.Archived,Environment.NewLine);
Console.WriteLine("Length of Raw Data: {0}{1}",x509.RawData.Length,Environment.NewLine);
X509Certificate2UI.DisplayCertificate(x509);
x509.Reset();
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
}
store.Close();
}
}
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates
Class CertSelect
Shared Sub Main()
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)
Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
Dim fcollection As X509Certificate2Collection = CType(collection.Find(X509FindType.FindByTimeValid, DateTime.Now, False), X509Certificate2Collection)
Dim scollection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Test Certificate Select", "Select a certificate from the following list to get information on that certificate", X509SelectionFlag.MultiSelection)
Console.WriteLine("Number of certificates: {0}{1}", scollection.Count, Environment.NewLine)
For Each x509 As X509Certificate2 In scollection
Try
Dim rawdata As Byte() = x509.RawData
Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine)
Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine)
Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine)
Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, True), Environment.NewLine)
Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine)
Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(False), Environment.NewLine)
Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine)
Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine)
X509Certificate2UI.DisplayCertificate(x509)
x509.Reset()
Catch cExcept As CryptographicException
Console.WriteLine("Information could not be written out for this certificate.")
End Try
Next x509
store.Close()
End Sub
End Class
Remarks
Currently this property supports only RSA or DSA keys, so it returns either an RSA or a DSA object in .NET Core or an RSACryptoServiceProvider or a DSACryptoServiceProvider object in .NET Framework. If no private key is associated with the certificate, it returns null.
Warning
If you set this property to null or to another key without first deleting it, a private key file is left on the disk.
To properly delete the private key associated with this property, set PersistKeyInCsp to false, and then call the Clear method.
Applies to
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for